ima: Fix use-after-free on a dentry's dname.name - kernel

diff options

author	Stefan Berger <[email protected]>	2024-03-22 14:03:12 +0000
committer	Mimi Zohar <[email protected]>	2024-04-08 11:55:47 +0000
commit	be84f32bb2c981ca670922e047cdde1488b233de (patch)
tree	a3c135a23ab2e801c0f2ab977e0a77d2122cdb13 /security/selinux/hooks.c
parent	Linux 6.9-rc3 (diff)
download	kernel-be84f32bb2c981ca670922e047cdde1488b233de.tar.gz kernel-be84f32bb2c981ca670922e047cdde1488b233de.zip

ima: Fix use-after-free on a dentry's dname.name

->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead. Link: https://lore.kernel.org/all/20240202182732.GE2087318@ZenIV/ Signed-off-by: Al Viro <[email protected]> Signed-off-by: Stefan Berger <[email protected]> Signed-off-by: Mimi Zohar <[email protected]>

Diffstat (limited to 'security/selinux/hooks.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: